Quarantining/Removing My Defective CMDService...

Hi :)

We're almost there...

PLease delete the following folder if found:
C:\WINDOWS\UnlhbiBMaXR0bGVmaWVsZA

Then please run ComboFix again and post it's log to here one more time :bigthumb:
 
Okie dokie.. Part 1.

"Ryan Littlefield" - 07-01-23 9:24:22 Service Pack 2
ComboFix 07-01-21 - Running from: "C:\Documents and Settings\Ryan Littlefield\My Documents"

((((((((((((((((((((((((((((((( Files Created from 2006-12-23 to 2007-01-23 ))))))))))))))))))))))))))))))))))


2007-01-22 15:41 <DIR> d-------- C:\!KillBox
2007-01-22 15:32 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-01-22 15:32 <DIR> d-------- C:\Program Files\Grisoft
2007-01-22 15:29 98,374,194 --a------ C:\RegBackUp.reg
2007-01-22 01:53 <DIR> d-------- C:\Program Files\UBT
2007-01-21 23:33 <DIR> d-------- C:\VundoFix Backups
2007-01-21 20:42 44,060 --------- C:\WINDOWS\SYSTEM32\umehgauf.dll
2007-01-20 20:43 76,412 --------- C:\WINDOWS\SYSTEM32\prdsxqaf.dll
2007-01-20 20:42 44,060 --------- C:\WINDOWS\SYSTEM32\rltoqeio.dll
2007-01-19 20:42 44,060 --------- C:\WINDOWS\SYSTEM32\qsxijhay.dll
2007-01-19 00:03 28,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys
2007-01-18 20:42 76,412 --------- C:\WINDOWS\SYSTEM32\oegawvtt.dll
2007-01-18 20:42 44,060 --------- C:\WINDOWS\SYSTEM32\vbbgvdcv.dll
2007-01-18 10:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-01-17 20:42 44,060 --------- C:\WINDOWS\SYSTEM32\wfkjjgww.dll
2007-01-16 20:42 76,412 --------- C:\WINDOWS\SYSTEM32\rombfcdk.dll
2007-01-16 20:42 44,060 --------- C:\WINDOWS\SYSTEM32\ofunlvpr.dll
2007-01-16 15:35 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-16 12:45 15,872 --------- C:\WINDOWS\SYSTEM32\sophosboottasks.exe
2007-01-16 12:45 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-23 09:19 -------- d-------- C:\Program Files\mozilla firefox
2007-01-22 19:22 -------- d-------- C:\Program Files\prevx1
2007-01-18 15:36 -------- d-------- C:\DOCUME~1\RYANLI~1\Application Data\prevx
2007-01-18 12:21 -------- d-------- C:\Program Files\itunes
2007-01-18 12:13 -------- d-------- C:\Program Files\aim
2007-01-16 21:34 -------- d-------- C:\DOCUME~1\RYANLI~1\Application Data\u3
2007-01-16 18:54 -------- d-------- C:\Program Files\world of warcraft
2006-12-15 20:24 13952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxrd.sys
2006-12-15 10:35 42516 --------- C:\WINDOWS\SYSTEM32\gcgcqvim.dll
2006-12-15 10:35 126996 --------- C:\WINDOWS\SYSTEM32\xyloxeyd.dll
2006-12-14 10:35 42516 --------- C:\WINDOWS\SYSTEM32\cpljebph.dll
2006-12-13 10:34 42516 --------- C:\WINDOWS\SYSTEM32\kmsnwfhu.dll
2006-12-12 10:34 42516 --------- C:\WINDOWS\SYSTEM32\yoalsayc.dll
2006-12-12 10:34 42516 --------- C:\WINDOWS\SYSTEM32\vymyarhx.dll
2006-12-11 10:34 42516 --------- C:\WINDOWS\SYSTEM32\yclcifrd.dll
2006-12-10 10:33 42516 --------- C:\WINDOWS\SYSTEM32\gvtbjdkp.dll
2006-12-09 10:33 42516 --------- C:\WINDOWS\SYSTEM32\fxcrbpwy.dll
2006-12-08 13:36 7552 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxcom.sys
2006-12-08 13:36 274688 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxfsf.sys
2006-12-08 13:36 18560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxtdi.sys
2006-12-08 13:36 11648 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxscrmbl.sys
2006-12-08 13:36 100864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PxEmu.sys
2006-12-08 10:33 42516 --------- C:\WINDOWS\SYSTEM32\bwqxposk.dll
2006-12-08 09:32 42516 --------- C:\WINDOWS\SYSTEM32\unqkjcxv.dll
2006-12-07 09:32 42516 --------- C:\WINDOWS\SYSTEM32\pxhxvmxk.dll
2006-12-07 09:31 42516 --------- C:\WINDOWS\SYSTEM32\jybyvstt.dll
2006-12-07 00:29 2374472 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-12-06 09:31 42516 --------- C:\WINDOWS\SYSTEM32\bnvqmbwj.dll
2006-12-05 09:46 42516 --------- C:\WINDOWS\SYSTEM32\reuekwsj.dll
2006-12-04 11:10 42516 --------- C:\WINDOWS\SYSTEM32\vfejoqsd.dll
2006-12-03 11:10 42516 --------- C:\WINDOWS\SYSTEM32\iqgmtnpc.dll
2006-12-02 11:10 42516 --------- C:\WINDOWS\SYSTEM32\kbpajxdy.dll
2006-12-01 11:10 42516 --------- C:\WINDOWS\SYSTEM32\lpsancwc.dll
2006-11-30 16:00 42516 --------- C:\WINDOWS\SYSTEM32\fqtnlohv.dll
2006-11-29 16:00 42516 --------- C:\WINDOWS\SYSTEM32\nedapxao.dll
2006-11-29 15:03 42516 --------- C:\WINDOWS\SYSTEM32\xryrfsfq.dll
2006-11-28 15:03 42516 --------- C:\WINDOWS\SYSTEM32\mxfldnhc.dll
2006-11-27 15:02 42516 -----c--- C:\WINDOWS\SYSTEM32\jhtdbwda.dll
2006-11-26 15:01 110612 --------- C:\WINDOWS\SYSTEM32\ftuhinsa.exe
2006-11-17 11:27 110612 --------- C:\WINDOWS\SYSTEM32\wwxblckn.exe
2006-11-16 11:27 110612 --------- C:\WINDOWS\SYSTEM32\ohcwkjtg.exe
2006-11-15 11:27 110612 --------- C:\WINDOWS\SYSTEM32\rcwmicev.exe
2006-11-14 11:26 110612 --------- C:\WINDOWS\SYSTEM32\lcencpxp.exe
2006-11-13 11:27 110612 --------- C:\WINDOWS\SYSTEM32\lsrfnfrh.exe
2006-11-13 11:26 110612 --------- C:\WINDOWS\SYSTEM32\rsnhbnve.exe
2006-11-12 11:25 110612 --------- C:\WINDOWS\SYSTEM32\fdpriddg.exe
2006-11-11 11:25 110612 --------- C:\WINDOWS\SYSTEM32\venlkclu.exe
2006-11-10 11:25 110612 --------- C:\WINDOWS\SYSTEM32\npqiafcx.exe
2006-11-09 11:25 110612 --------- C:\WINDOWS\SYSTEM32\gnglquiw.exe
2006-11-09 00:23 110612 --------- C:\WINDOWS\SYSTEM32\plgpbgek.exe
2006-11-08 22:22 110612 --------- C:\WINDOWS\SYSTEM32\xkkhtfqk.exe
2006-11-08 17:35 110612 --------- C:\WINDOWS\SYSTEM32\uxxmfqck.exe
2006-11-08 17:33 110612 --------- C:\WINDOWS\SYSTEM32\hkfpecys.exe
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-11-07 22:27 110612 --------- C:\WINDOWS\SYSTEM32\apmwjdqm.exe
2006-11-07 21:03 6049280 --------- C:\WINDOWS\SYSTEM32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\SYSTEM32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\SYSTEM32\msls31.dll
2006-11-07 16:38 110612 --------- C:\WINDOWS\SYSTEM32\cnidtffl.exe
2006-11-07 03:27 382976 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll
2006-11-06 18:44 110612 --------- C:\WINDOWS\SYSTEM32\sxqbouml.exe
2006-11-05 18:42 110612 --------- C:\WINDOWS\SYSTEM32\vqtsmwiu.exe
2006-11-05 18:40 110612 --------- C:\WINDOWS\SYSTEM32\tbpkesyk.exe
2006-11-04 18:39 110612 --------- C:\WINDOWS\SYSTEM32\nspilnve.exe
2006-11-04 15:58 110612 --------- C:\WINDOWS\SYSTEM32\qduonhbi.exe
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\SYSTEM32\msxml4.dll
2006-11-04 10:34 110612 --------- C:\WINDOWS\SYSTEM32\bqfwvhwc.exe
2006-11-04 09:32 110612 --------- C:\WINDOWS\SYSTEM32\oqasfldl.exe
2006-11-03 09:31 110612 --------- C:\WINDOWS\SYSTEM32\baetlbeh.exe
2006-11-03 08:30 110612 --------- C:\WINDOWS\SYSTEM32\xsvvcqms.exe
2006-11-03 00:49 110612 --------- C:\WINDOWS\SYSTEM32\qdrasogi.exe
2006-11-02 00:47 110612 --------- C:\WINDOWS\SYSTEM32\sdawniau.exe
2006-11-02 00:38 110612 --------- C:\WINDOWS\SYSTEM32\jscmbxra.exe
2006-11-02 00:28 110612 --------- C:\WINDOWS\SYSTEM32\cjhoxjad.exe
2006-11-02 00:27 110612 --------- C:\WINDOWS\SYSTEM32\plsvavxb.exe
2006-11-02 00:26 110612 --------- C:\WINDOWS\SYSTEM32\udroryce.exe
2006-11-02 00:22 110612 --------- C:\WINDOWS\SYSTEM32\hxiephvi.exe
2006-11-01 22:27 110612 --------- C:\WINDOWS\SYSTEM32\oyraehuu.exe
2006-11-01 22:23 2560 --a------ C:\WINDOWS\_msrstrt.exe
2006-11-01 22:20 110612 --------- C:\WINDOWS\SYSTEM32\hwnuqgnt.exe
2006-11-01 19:04 110612 --------- C:\WINDOWS\SYSTEM32\llkoyfql.exe
2006-11-01 17:22 110612 --------- C:\WINDOWS\SYSTEM32\tmixjgue.exe
2006-11-01 16:44 110612 --------- C:\WINDOWS\SYSTEM32\nwdbcggh.exe
2006-10-31 16:43 110612 --------- C:\WINDOWS\SYSTEM32\vemmsllt.exe
2006-10-30 16:41 110612 --------- C:\WINDOWS\SYSTEM32\iutovjyf.exe
 
And Part 2....

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
"item"="Ulead Photo Express 4.0 SE Calendar Checker "
"command"="C:\\Program Files\\Ulead Systems\\Ulead Photo Express 4.0 SE\\CalCheck.exe "
"location"="Common Startup"
"path"=""
"backup"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
"item"="Adobe Gamma Loader.exe"
"command"="C:\\Program Files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe "
"location"="Common Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"item"="Adobe Gamma Loader"
"command"="C:\\Program Files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe "
"location"="Common Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
"item"="AutoUpdate Monitor"
"command"="C:\\Program Files\\Sophos\\AutoUpdate\\ALMon.exe "
"location"="Common Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
"item"="Kodak software updater"
"command"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe "
"location"="Common Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"item"="AIM"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"hkey"="HKEY"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"item"="Aim6"
"command"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"hkey"="HKEY"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
"item"="AsioReg"
"command"="REGSVR32.EXE /S CTASIO.DLL"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
"item"="CTDVDDet"
"command"="C:\\Program Files\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"item"="ctfmon.exe"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"hkey"="HKEY"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
"item"="CTHelper"
"command"="CTHELPER.EXE"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
"item"="CTSysVol"
"command"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"item"="DellSupport"
"command"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"hkey"="HKEY"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
"item"="dla"
"command"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"item"="DVDLauncher"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"item"="HostManager"
"command"="C:\\Program Files\\Common Files\\AOL\\1156393505\\ee\\AOLSoftware.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"item"="HPDJ Taskbar Utility"
"command"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb06.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
"item"="IntelMeM"
"command"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
"item"="IPHSend"
"command"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"item"="iTunesHelper"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"item"="MoneyAgent"
"command"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"hkey"="HKEY"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"item"="MSMSGS"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"hkey"="HKEY"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"item"="NeroCheck"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"item"="NvCplDaemon"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"item"="PCMService"
"command"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVModule]
"item"="PVModule"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"item"="QuickTime Task"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"item"="Steam"
"command"="C:\\Valve\\Steam\\Steam.exe -silent"
"hkey"="HKEY"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"item"="SunJavaUpdateSched"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"item"="TkBellExe"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
"item"="Ulead AutoDetector"
"command"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniUploader]
"item"="UniUploader"
"command"="C:\\Program Files\\UniUploader\\UniUploader.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"item"="UpdateManager"
"command"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
"item"="UpdReg"
"command"="C:\\WINDOWS\\UpdReg.EXE"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"item"="WinampAgent"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SAVService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVGASCLN


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 07-01-23 9:29:52
C:\ComboFix2.txt ... 07-01-22 11:09
 
Hi again, we'll continue :)
Some of the files just didn't want to die...so let's try again

You should print these instructions or save these to a text file. Follow these instructions carefully.

Restart your computer to the safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.
Please run Killbox.

Select "Delete on Reboot".

Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\SYSTEM32\umehgauf.dll
C:\WINDOWS\SYSTEM32\prdsxqaf.dll
C:\WINDOWS\SYSTEM32\rltoqeio.dll
C:\WINDOWS\SYSTEM32\qsxijhay.dll
C:\WINDOWS\SYSTEM32\oegawvtt.dll
C:\WINDOWS\SYSTEM32\vbbgvdcv.dll
C:\WINDOWS\SYSTEM32\wfkjjgww.dll
C:\WINDOWS\SYSTEM32\rombfcdk.dll
C:\WINDOWS\SYSTEM32\ofunlvpr.dll
C:\WINDOWS\SYSTEM32\gcgcqvim.dll
C:\WINDOWS\SYSTEM32\xyloxeyd.dll
C:\WINDOWS\SYSTEM32\cpljebph.dll
C:\WINDOWS\SYSTEM32\kmsnwfhu.dll
C:\WINDOWS\SYSTEM32\yoalsayc.dll
C:\WINDOWS\SYSTEM32\vymyarhx.dll
C:\WINDOWS\SYSTEM32\yclcifrd.dll
C:\WINDOWS\SYSTEM32\gvtbjdkp.dll
C:\WINDOWS\SYSTEM32\fxcrbpwy.dll
C:\WINDOWS\SYSTEM32\bwqxposk.dll
C:\WINDOWS\SYSTEM32\unqkjcxv.dll
C:\WINDOWS\SYSTEM32\pxhxvmxk.dll
C:\WINDOWS\SYSTEM32\jybyvstt.dll
C:\WINDOWS\SYSTEM32\bnvqmbwj.dll
C:\WINDOWS\SYSTEM32\reuekwsj.dll
C:\WINDOWS\SYSTEM32\vfejoqsd.dll
C:\WINDOWS\SYSTEM32\iqgmtnpc.dll
C:\WINDOWS\SYSTEM32\kbpajxdy.dll
C:\WINDOWS\SYSTEM32\lpsancwc.dll
C:\WINDOWS\SYSTEM32\fqtnlohv.dll
C:\WINDOWS\SYSTEM32\nedapxao.dll
C:\WINDOWS\SYSTEM32\xryrfsfq.dll
C:\WINDOWS\SYSTEM32\mxfldnhc.dll
C:\WINDOWS\SYSTEM32\jhtdbwda.dll
C:\WINDOWS\SYSTEM32\ftuhinsa.exe
C:\WINDOWS\SYSTEM32\wwxblckn.exe
C:\WINDOWS\SYSTEM32\ohcwkjtg.exe
C:\WINDOWS\SYSTEM32\rcwmicev.exe
C:\WINDOWS\SYSTEM32\lcencpxp.exe
C:\WINDOWS\SYSTEM32\lsrfnfrh.exe
C:\WINDOWS\SYSTEM32\rsnhbnve.exe
C:\WINDOWS\SYSTEM32\fdpriddg.exe
C:\WINDOWS\SYSTEM32\venlkclu.exe
C:\WINDOWS\SYSTEM32\npqiafcx.exe
C:\WINDOWS\SYSTEM32\gnglquiw.exe
C:\WINDOWS\SYSTEM32\plgpbgek.exe
C:\WINDOWS\SYSTEM32\xkkhtfqk.exe
C:\WINDOWS\SYSTEM32\uxxmfqck.exe
C:\WINDOWS\SYSTEM32\hkfpecys.exe
C:\WINDOWS\SYSTEM32\apmwjdqm.exe
C:\WINDOWS\SYSTEM32\cnidtffl.exe
C:\WINDOWS\SYSTEM32\sxqbouml.exe
C:\WINDOWS\SYSTEM32\vqtsmwiu.exe
C:\WINDOWS\SYSTEM32\tbpkesyk.exe
C:\WINDOWS\SYSTEM32\nspilnve.exe
C:\WINDOWS\SYSTEM32\qduonhbi.exe
C:\WINDOWS\SYSTEM32\bqfwvhwc.exe
C:\WINDOWS\SYSTEM32\oqasfldl.exe
C:\WINDOWS\SYSTEM32\baetlbeh.exe
C:\WINDOWS\SYSTEM32\xsvvcqms.exe
C:\WINDOWS\SYSTEM32\qdrasogi.exe
C:\WINDOWS\SYSTEM32\sdawniau.exe
C:\WINDOWS\SYSTEM32\jscmbxra.exe
C:\WINDOWS\SYSTEM32\cjhoxjad.exe
C:\WINDOWS\SYSTEM32\plsvavxb.exe
C:\WINDOWS\SYSTEM32\udroryce.exe
C:\WINDOWS\SYSTEM32\hxiephvi.exe
C:\WINDOWS\SYSTEM32\oyraehuu.exe
C:\WINDOWS\SYSTEM32\hwnuqgnt.exe
C:\WINDOWS\SYSTEM32\llkoyfql.exe
C:\WINDOWS\SYSTEM32\tmixjgue.exe
C:\WINDOWS\SYSTEM32\nwdbcggh.exe
C:\WINDOWS\SYSTEM32\vemmsllt.exe
C:\WINDOWS\SYSTEM32\iutovjyf.exe
Click to expand...
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Select "All Files".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

Run ComboFix again and post it's log.
 
Alright, did what you told me, here we go.
ComboFix log:

"Ryan Littlefield" - 07-01-25 1:03:09 Service Pack 2
ComboFix 07-01-21 - Running from: "C:\Documents and Settings\Ryan Littlefield\My Documents"

((((((((((((((((((((((((((((((( Files Created from 2006-12-25 to 2007-01-25 ))))))))))))))))))))))))))))))))))


2007-01-24 00:24 <DIR> d-------- C:\Program Files\Infinite Crosswords - USA Today 1
2007-01-24 00:24 <DIR> d-------- C:\Program Files\Infinite Crosswords - LA Times 1
2007-01-24 00:24 <DIR> d-------- C:\Program Files\Infinite Crosswords
2007-01-22 15:41 <DIR> d-------- C:\!KillBox
2007-01-22 15:32 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-01-22 15:32 <DIR> d-------- C:\Program Files\Grisoft
2007-01-22 15:29 98,374,194 --a------ C:\RegBackUp.reg
2007-01-22 01:53 <DIR> d-------- C:\Program Files\UBT
2007-01-21 23:33 <DIR> d-------- C:\VundoFix Backups
2007-01-19 00:03 28,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys
2007-01-18 10:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-01-16 15:35 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-16 12:45 15,872 --------- C:\WINDOWS\SYSTEM32\sophosboottasks.exe
2007-01-16 12:45 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-25 01:02 -------- d-------- C:\Program Files\mozilla firefox
2007-01-24 16:17 -------- d-------- C:\Program Files\world of warcraft
2007-01-23 19:59 -------- d-------- C:\Program Files\quicktime
2007-01-22 19:22 -------- d-------- C:\Program Files\prevx1
2007-01-18 15:36 -------- d-------- C:\DOCUME~1\RYANLI~1\Application Data\prevx
2007-01-18 12:21 -------- d-------- C:\Program Files\itunes
2007-01-18 12:13 -------- d-------- C:\Program Files\aim
2007-01-16 21:34 -------- d-------- C:\DOCUME~1\RYANLI~1\Application Data\u3
2006-12-15 20:24 13952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxrd.sys
2006-12-08 13:36 7552 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxcom.sys
2006-12-08 13:36 274688 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxfsf.sys
2006-12-08 13:36 18560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxtdi.sys
2006-12-08 13:36 11648 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxscrmbl.sys
2006-12-08 13:36 100864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PxEmu.sys
2006-12-07 00:29 2374472 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\SYSTEM32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\SYSTEM32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\SYSTEM32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\SYSTEM32\msxml4.dll
2006-11-01 22:23 2560 --a------ C:\WINDOWS\_msrstrt.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
"item"="Ulead Photo Express 4.0 SE Calendar Checker "
"command"="C:\\Program Files\\Ulead Systems\\Ulead Photo Express 4.0 SE\\CalCheck.exe "
"location"="Common Startup"
"path"=""
"backup"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
"item"="Adobe Gamma Loader.exe"
"command"="C:\\Program Files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe "
"location"="Common Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"item"="Adobe Gamma Loader"
"command"="C:\\Program Files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe "
"location"="Common Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
"item"="AutoUpdate Monitor"
"command"="C:\\Program Files\\Sophos\\AutoUpdate\\ALMon.exe "
"location"="Common Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
"item"="Kodak software updater"
"command"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe "
"location"="Common Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"item"="AIM"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"hkey"="HKEY"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"item"="Aim6"
"command"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"hkey"="HKEY"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
"item"="AsioReg"
"command"="REGSVR32.EXE /S CTASIO.DLL"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
"item"="CTDVDDet"
"command"="C:\\Program Files\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"item"="ctfmon.exe"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"hkey"="HKEY"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
"item"="CTHelper"
"command"="CTHELPER.EXE"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
"item"="CTSysVol"
"command"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"item"="DellSupport"
"command"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"hkey"="HKEY"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
"item"="dla"
"command"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"item"="DVDLauncher"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"item"="HostManager"
"command"="C:\\Program Files\\Common Files\\AOL\\1156393505\\ee\\AOLSoftware.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"item"="HPDJ Taskbar Utility"
"command"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb06.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
"item"="IntelMeM"
"command"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
"item"="IPHSend"
"command"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"item"="iTunesHelper"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"item"="MoneyAgent"
"command"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"hkey"="HKEY"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"item"="MSMSGS"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"hkey"="HKEY"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"item"="NeroCheck"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"item"="NvCplDaemon"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"item"="PCMService"
"command"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVModule]
"item"="PVModule"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"item"="QuickTime Task"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"item"="Steam"
"command"="C:\\Valve\\Steam\\Steam.exe -silent"
"hkey"="HKEY"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"item"="SunJavaUpdateSched"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"item"="TkBellExe"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
"item"="Ulead AutoDetector"
"command"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniUploader]
"item"="UniUploader"
"command"="C:\\Program Files\\UniUploader\\UniUploader.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"item"="UpdateManager"
"command"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
"item"="UpdReg"
"command"="C:\\WINDOWS\\UpdReg.EXE"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"item"="WinampAgent"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SAVService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 07-01-25 1:08:37
C:\ComboFix2.txt ... 07-01-23 09:29
C:\ComboFix3.txt ... 07-01-22 11:09
 
Hi again, it is looking clean now :)

You don't seem to a firewall running, you must install one firewall.
NOTE: If you're using Windows XP firewall, I recommend that you install a more advanced firewall. Windows firewall doesn't really provide enough protection.
Disable Windows firewall after installing a new firewall.

These are good (free) firewalls:
Now you can enable PrevX protection again.

Now you can clean AVG's Quarantine:
  • Open AVG Anti-Spyware
  • Click Infections
  • Click Quarantine tab
  • Click Select all
  • Click Remove finally
  • Close the program
You can remove the tools we used. You may delete the following backup folder; C:\!Killbox

Then you should update your Java to the latest version (6.0)
  • [*]Start
    [*]Control Panel
    [*]Add/Remove Programs
  • Delete the old Java, J2SE Runtime Environment 5.0 Update 6
  • Download the latest version of Java Runtime Environment (JRE) 6.0.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement."
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Install it
Now you can make your hidden files hidden again.
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark the "Display the contents of system folders"
  • Under the Hidden files and folders select "Show hidden files and folders"
  • Check "Hide protected operating system files"
  • Click Apply and then the OK and close My Computer.

=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
  • Clear your system restore
    This will clear the system restore folders from possible malware that was left behind during the cleaning process.
  • Use ATF Cleaner
    Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
  • Use Ad-Aware
    Download and install Ad-Aware. Update it and scan your computer regularly with it.
  • Use AVG Anti-Spyware
    Update it and scan your computer regularly with it.
  • Use Spybot S&D
    Download and install Spybot S&D. Update it and scan your computer regularly with it.
  • Install SpywareBlaster
    SpywareBlaster will prevent spyware from being installed.
  • Install MVPS Hosts file
    This prevents your computer from connecting to harmful sites.
  • Use Firefox browser
    Firefox is faster, safer and better browser than Internet Explorer.
  • Keep your systen up-to-date
    Visit Windows Update regularly.
  • Keep your antivirus and firewall up-to-date
    Scan your computer regularly with your antivirus.
  • Read this article by TonyKlein
    So how did I get infected in the first place?
  • Stand Up and Be Counted !
    The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Stay clean and be safe ;)
 
Thank you VERY VERY much for helping me. You have no idea how much easier (well, you probably do) this will make things now.

By the way, I have Sophos installed on here, because it's the firewall that the college recommends, and for some reason, I think they have the port that Sophos uses to get its updates blocked.....because neither me nor anyone else on here cannot connect to the update server. But, the college has its own firewall too.

But again, thanks SO much for the help!!!!
 
You're welcome :)

So you have an up-to-date subscription to Sophos ?
It is just that an antivirus won't protect you if it isn't up-to-date.

You could try manual update too -> Link

:bigthumb:
 
You're very welcome :D:

As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread; this applies only to the original topic starter.

Glad we could help :2thumb:
 
You must log in or register to reply here.
Back
Top